The modern CFO: financial gatekeeper, strategic adviser and cybersecurity expert?

7 June 2018

When studying the evolution of the CFO role, it becomes clear that it has gone through a metamorphosis in the last twenty years. A lot of this has to do with digital transformation as traditional tasks attributed to the CFO, such as producing and analysing financial statements, have now been largely computerised.

CFOs can’t just narrow their focus to the bare financial bones; they need to enable the wider strategies of the business to keep it profitable. This should include promoting cybersecurity in order to protect the organisation against attack, particularly as attacks become more costly and the value of data increases over time.

It is the CFO’s responsibility to advise other board members on the potential financial impact of a breach and ensure that funds are allocated for preventing and containing incidents. Given that financially focused attacks like business email compromise (BEC) strike directly at the heart of the balance sheet, it should go without saying that CFOs should be well-versed in the most efficient ways to counteract cyberattacks.

To put this all into perspective, a recent study commissioned by Bromium revealed that global cybercrime generates around $1.5tn a year in revenues — about the same as the GDP of Russia. As Bromium stated, “If cybercrime was a country it would have the 13th highest GDP in the world”.

According to Verizon’s most recent Data Breach Investigations Report (DBIR), phishing attacks and pretexting — in which cybercriminals pose as trusted contacts in order to gather information and/or lay a trap for unsuspecting end users — represent 98% of social cyber-incidents and 93% of data breaches.

Furthermore, 59% of cybercriminals who perpetrate social attacks are motivated by financial gain. It’s important for CFOs to note Verizon’s findings here because the DBIR identified that finance and HR are the two departments most likely to be targeted in pretexting attacks like BEC, which often lead to the execution of fraudulent wire transfers. Given that financial teams are especially targeted and successful attacks can cost businesses dearly, CFOs must be part of the team responsible for addressing the real business risks of cybercrime.